Jump to content

Change Mode

HiJack


jacem5397
 Share

Recommended Posts

My PC has really been dragging and acting up,Ive done all the scans,Avast boot time,Avast full scan,CCleaner,Super anti spyware etc.Can someone please take a look at this and see if Im missing anything.Thank You much !!

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:12 PM, on 10/8/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Users\jonathan\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\jonathan\AppData\Roaming\Search Protection\SearchProtection.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\jonathan\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1400284403&from=tugs&uid=ST31000528AS_6VPD4B7L&i=psd&t=342a27184
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1400284403&from=tugs&uid=ST31000528AS_6VPD4B7L&i=psd&t=342a27184&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqV9uao1hAZn4E9dTmxtrVlNenZBzfD7nteioyqjHyhYh5B5bVSmfnc5S2Au3c_V7G2yrs2urt6CJXvA1pkYIPmq8bl2YTCZ3M3wkgoW5KftiwuFBqNGbWn6H8SiuYfLVJ4zNy_7NPqDIg,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqV9uao1hAZn4E9dTmxtrVlNenZBzfD7nteioyqjHyhYh5B5bVSmfnc5S2Au3c_V7G2yrs2urt6CJXvA1pkYIPmq8bl2YTCZ3M3wkgoW5KftiwuFBqNGbWn6H8SiuYfLVJ4zNy_7NPqDIg,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqV9uao1hAZn4E9dTmxtrVlNenZBzfD7nteioyqjHyhYh5B5bVSmfnc5S2Au3c_V7G2yrs2urt6CJXvA2tTU8AFfV9rept4ZMkHf85xlrN9w-J8SU5NYIUXH3uXvkqAwkvBjgveD3GGkig,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1400284403&from=tugs&uid=ST31000528AS_6VPD4B7L&i=psd&t=342a27184
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1400284403&from=tugs&uid=ST31000528AS_6VPD4B7L&i=psd&t=342a27184&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqV9uao1hAZn4E9dTmxtrVlNenZBzfD7nteioyqjHyhYh5B5bVSmfnc5S2Au3c_V7G2yrs2urt6CJXvA1pkYIPmq8bl2YTCZ3M3wkgoW5KftiwuFBqNGbWn6H8SiuYfLVJ4zNy_7NPqDIg,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqV9uao1hAZn4E9dTmxtrVlNenZBzfD7nteioyqjHyhYh5B5bVSmfnc5S2Au3c_V7G2yrs2urt6CJXvA1pkYIPmq8bl2YTCZ3M3wkgoW5KftiwuFBqNGbWn6H8SiuYfLVJ4zNy_7NPqDIg,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: HelloWorldBHO - {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O3 - Toolbar: (no name) - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [sPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
O4 - HKCU\..\Run: [speedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\jonathan\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [searchProtection] "C:\Users\jonathan\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [browser Infrastructure Helper] C:\Users\jonathan\AppData\Local\Smartbar\Application\SnapDo.exe startup
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: IMVU.lnk = jonathan\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{35400ED1-EC6A-463E-892A-2C201C84A4E6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client Virtualization Handler (cvhsvc) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Unknown owner - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PCPitstop Scheduling - Unknown owner - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - Unknown owner - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Unknown owner - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Application Virtualization Client (sftlist) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (file missing)
O23 - Service: Application Virtualization Service Agent (sftvsa) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - Unknown owner - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - Unknown owner - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Unknown owner - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (file missing)
O23 - Service: Update Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe (file missing)
O23 - Service: Update Okiitan - Unknown owner - C:\Program Files (x86)\Okiitan\updateOkiitan.exe (file missing)
O23 - Service: Util Okiitan - Unknown owner - C:\Program Files (x86)\Okiitan\bin\utilOkiitan.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17197 bytes

Link to comment
Share on other sites

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

adwcleaner_download.png

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Dections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
  • ***************************************

    please post

    C:\AdwCleaner.txt

    JRT.txt

    Malwarebytes log

Link to comment
Share on other sites

Malware Anti Malware says it's already installed but not working properly,I tried uninstalling it 3 different ways and it keeps saying something is missing and have to uninstall and reboot.Tried that and still can't install a new one,anyway here's what I have.Adw log and JRT.

 

# AdwCleaner v3.311 - Report created 10/10/2014 at 21:41:57
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jonathan - JONATHAN-HP
# Running from : C:\Users\jonathan\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browsersafeguard
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wiseconvert
Folder Deleted : C:\Program Files (x86)\App Bud
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\SiteLookup
Folder Deleted : C:\Program Files (x86)\wiseconvert
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\jonathan\AppData\Local\globalUpdate
Folder Deleted : C:\Users\jonathan\AppData\Local\LPT
Folder Deleted : C:\Users\jonathan\AppData\Local\Smartbar
Folder Deleted : C:\Users\jonathan\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\jonathan\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\jonathan\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\jonathan\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\jonathan\AppData\Roaming\Systweak
Folder Deleted : C:\Users\jonathan\AppData\Roaming\v9
Folder Deleted : C:\Users\Kids\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\VideoDownloadConverter_4z
Folder Deleted : C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected]
Folder Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\5a1a0byj.default\Extensions\[email protected]
Folder Deleted : C:\Users\KIDS.jonathan-HP\AppData\Roaming\Mozilla\Firefox\Profiles\nwas52t2.default\Extensions\[email protected]
Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys
File Deleted : C:\Users\jonathan\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\jonathan\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\jonathan\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\jonathan\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\5a1a0byj.default\searchplugins\astromenda.xml
File Deleted : C:\Users\KIDS.jonathan-HP\AppData\Roaming\Mozilla\Firefox\Profiles\nwas52t2.default\searchplugins\astromenda.xml
File Deleted : C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\Web Search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : Dealply
Task Deleted : DSite
Task Deleted : GorillaPrice
Task Deleted : LaunchSignup
Task Deleted : schedule!3036567561
Task Deleted : WSE_Astromenda

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\now-download-free bundle\now-download-free bundle.lnk
Shortcut Disinfected : C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtection]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sPDriver]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Object Browser
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\Wpm
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Line Deleted : user_pref("browser.search.defaultengine", "Trovi");
Line Deleted : user_pref("extensions.crossrider.bic", "1460374651dd678d0a6e1729f0f16909");
Line Deleted : user_pref("extensions.enabledAddons", "amznUWL2%40amazon.com:1.10,plugin%40starstable.com:1.0.0.2,%7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.159,notreal.ccoptions%40environmentalchemistry.com:25[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,19890,0,71,0&p=");
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
Line Deleted : user_pref("[email protected]", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.prev", "hxxp://sports.yahoo.com/");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=C2AFB9EA-BC80-4515-83DF-600766735F62&n=780bd3b1&p2=^HJ^xdm017^YYA^us&si=pconvF[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.33.3.42825");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=C2AFB9EA-BC80-4515-83DF-600766735F62&n=780bd3b1&p2=^HJ^xdm017^YYA^us&si=pconvFF");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014041009");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm017^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconvFF");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/install_pixels.jhtml?partner=^HJ^xdm017^YYA^us&coId=db068d463d044355937b0636074[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "C2AFB9EA-BC80-4515-83DF-600766735F62");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1400524929986");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.33.3.58478");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://pconverter.com/thankyou.php");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "02108");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.enabledAds", "obsolete");
Line Deleted : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCtsKywrDCt8KxwrHCtsKw");
Line Deleted : user_pref("iminent.registerToolbarEvent101", "1400388430288");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1400271305830");
Line Deleted : user_pref("iminent.registerToolbarEvent140", "1400460298749");
Line Deleted : user_pref("iminent.trackExternalScripts1", "1400271231756");
Line Deleted : user_pref("iminent.trackExternalScripts2", "1400271239418");
Line Deleted : user_pref("iminent.trackExternalScripts3", "1400271244073");
Line Deleted : user_pref("iminent.version", "8.19.3.1");
Line Deleted : user_pref("startpage.ntsearch_url", "hxxp://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=0&p={searchTerms}");

[ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\5a1a0byj.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_cmi_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtByC0A0EyC0EzyyBtCtB0EtN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1S[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");

[ File : C:\Users\KIDS.jonathan-HP\AppData\Roaming\Mozilla\Firefox\Profiles\nwas52t2.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_cmi_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtByC0A0EyC0EzyyBtCtB0EtN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1S[...]

-\\ Google Chrome v

[ File : C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : ohgcjecomkebbohfjgmncelbhogbbokf

*************************

AdwCleaner[R0].txt - [1196 octets] - [07/01/2014 09:52:12]
AdwCleaner[R1].txt - [34148 octets] - [10/10/2014 21:39:37]
AdwCleaner[s0].txt - [1257 octets] - [07/01/2014 09:55:45]
AdwCleaner[s1].txt - [30457 octets] - [10/10/2014 21:41:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [30518 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by jonathan on Fri 10/10/2014 at 21:59:55.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\speetitupfree
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\jonathan\AppData\Roaming\ask4expert"
Successfully deleted: [Folder] "C:\Users\jonathan\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\jonathan\AppData\Roaming\printatree"
Successfully deleted: [Folder] "C:\Users\jonathan\appdata\local\festivebar_3g"
Successfully deleted: [Folder] "C:\Users\jonathan\appdata\locallow\festivebar_3g"
Successfully deleted: [Folder] "C:\Users\jonathan\appdata\locallow\weatherblinkei"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{0BC709F8-714B-42A7-A473-1AB81C8EF03A}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{0D2015D5-2BAF-4F6C-BA58-829A376BB9C1}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{2D25C5D4-12FA-4DFE-987B-6E3B3C719C0A}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{2FDF9522-DF5C-4475-B113-54E5D9A3DF1D}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{3082CC6E-9198-4E97-9D8C-DE944F7E99EB}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{432F27DA-D43E-4F2D-B4F9-0F8CF2F66A90}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{5467C66F-8FC0-4BC8-BEAE-9DAA17AAEF6A}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{684DF250-174E-4887-B656-65AAF035CBB3}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{6A9F39C5-301D-4BCA-9809-A3BFB08BE908}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{76660E8C-399B-4C3E-B36F-80F537CFDE2A}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{788667AE-83B2-4344-AD91-3A87172A73AC}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{844D76BC-BBE7-4F57-998F-3A4C531FA1BC}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{87759B92-486A-4A9D-9184-32432F3E7657}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{8AF609AF-36A2-4365-837D-848CAF75F64E}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{937DA951-30E0-4FE9-8220-298F9C2E2599}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{9446CFCB-750C-48E9-B95A-24C103C664AF}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{B6CEB53B-172B-404E-A872-7AF8EBB64F6E}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{B72B146E-9FE3-4F4F-95E4-521EB94D6502}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{C5964172-BFAF-44A9-B004-1800C06CB33E}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{CBD9F39F-17AC-41A3-8A78-8664EEFB9746}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{CCFD226B-8620-4504-B97B-B1DDAC3AE446}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{D1C7D23E-B01A-4D52-AD3C-29A1DAB56D0F}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{DA54CED0-8FB5-4B43-AC6D-A478EC621B7F}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{E9DBA5D8-E05B-4961-914B-D642E9E2FCB5}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{F79D2932-0B10-4EEC-9308-F27BF48872DF}
Successfully deleted: [Empty Folder] C:\Users\jonathan\appdata\local\{FF85B982-1586-445F-9A66-4119F2C51B20}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]_3g.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Successfully deleted the following from C:\Users\jonathan\AppData\Roaming\mozilla\firefox\profiles\immw6qkn.default\prefs.js

user_pref("playbryte.pingdate", "Sat Nov 02 2013 11:17:00 GMT-0400 (Eastern Standard Time)");
Emptied folder: C:\Users\jonathan\AppData\Roaming\mozilla\firefox\profiles\immw6qkn.default\minidumps [601 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/10/2014 at 22:03:49.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to comment
Share on other sites

MBAM CLEAN removal tools.

https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

Scroll down to the Free version (If you have the free version)

 

Try the above, then try to download and install again.

 

~~~~~~~~~~~~~~~~~~~~

 

Scan with FRST in normal mode

 

Please download Farbar's Recovery Scan Tool to your desktop:

 

FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

  • Run FRST
  • Don´t change the checkboxes just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt
  • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.
Link to comment
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by jonathan at 2014-10-12 15:57:33
Running from C:\Users\jonathan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31227 - BitTorrent Inc.)
3 Cards to Dead Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F0836B8C-CA10-7080-A6D5-B28FD1DF62CF}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
AMD Problem Report Wizard (Version: 3.0.838.0 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Angelica Weaver: Catch Me When You Can Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Antique Road Trip 2: Homecoming (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Baby Luv (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Burger Shop 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.25.1010.0 - Logitech) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clue (HKLM-x32\...\Clue) (Version: - )
Consumer Input Firefox Extension (remove only) (HKCU\...\Consumer Input Firefox Extension) (Version: 2.7.1.53 - Compete Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cruel Games: Red Riding Hood (x32 Version: 3.0.2.38 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Parables - Curse of Briar Rose (x32 Version: 2.2.0.95 - WildTangent) Hidden
Deadly Voltage: Rise of the Invincible (x32 Version: 3.0.2.38 - WildTangent) Hidden
Deep Sea Tycoon (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diego's Dinosaur Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diego's Ultimate Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX Media Runtime 5.1 (HKLM-x32\...\DirectXMediaRuntime) (Version: - )
Disney Toontown Online (HKLM-x32\...\Disney Toontown Online) (Version: - Walt Disney Internet Group)
Dora Saves the Snow Princess (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dracula Series Part 3: The Destruction of the Evil (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dream Sleuth (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dying for Daylight (x32 Version: 2.2.0.97 - WildTangent) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FBI Paranormal Case: Extended Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Feeding Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feeding Frenzy 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
FeralHeart version 1.13 (HKLM-x32\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
Fish Tycoon (x32 Version: 2.2.0.95 - WildTangent) Hidden
FishCo (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Realms (HKCU\...\SOE-Free Realms) (Version: - Sony Online Entertainment)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Garrys Mod version 13.07.05 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 13.07.05 - Strogino CS Portal)
Ghost Recon Phantoms - NA (HKCU\...\fc418bf9b18f76aa) (Version: 1.36.2063.1 - Ubisoft)
Ghost Town Mysteries - Bodie (x32 Version: 2.2.0.98 - WildTangent) Hidden
GO Diego GO! Dinosaur Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{989FB5FD-9B00-4B32-8663-849CB1370DD1}) (Version: 1.10.4769.632 - Google, Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version: - Monolith Productions, Inc.)
Guffins Internet Explorer Toolbar (HKLM-x32\...\Guffinsbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Halloween: Trick or Treat (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hide and Secret 4 (x32 Version: 2.2.0.98 - WildTangent) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
I SPY Spooky Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Inception of Darkness: Exorcist 3 (x32 Version: 3.0.2.38 - WildTangent) Hidden
Info Center 1.0.0.7 (HKLM-x32\...\Info Center_is1) (Version: 1.0.0.7 - PC Pitstop LLC)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jane's Zoo (x32 Version: 2.2.0.97 - WildTangent) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Jewel Quest Mysteries (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LEGO Universe (HKLM-x32\...\NetDevil_LEGO_Universe_is1) (Version: - LEGO Software)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lost Chronicles: Salem (x32 Version: 2.2.0.98 - WildTangent) Hidden
LWS Facebook (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.20.1166.0 - Logitech) Hidden
Magic Academy (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong: Mysteries of the Past (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version: - Stegersaurus Software Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Novel (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mysteryville (x32 Version: 2.2.0.98 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.993 - Electronic Arts)
Nightfall Mysteries: Asylum Conspiracy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nora Roberts - Vision in White (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
now-download-free bundle (HKLM-x32\...\now-download-free bundle) (Version: 2.0.1.0 - now-download-free)
Our Worst Fears: Stained Skin (x32 Version: 2.2.0.98 - WildTangent) Hidden
PC Pitstop Optimize3 3.0 (HKLM-x32\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pet Show Craze (x32 Version: 2.2.0.98 - WildTangent) Hidden
Petz Catz 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Petz Dogz 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Phantasmat (x32 Version: 2.2.0.97 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Playfin (HKLM-x32\...\Playfin_1tbar Uninstall) (Version: - Playfin)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Princess Isabella - A Witch's Curse (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puppy Luv (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ROBLOX Player for jonathan (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for jonathan (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Sea Life Safari (x32 Version: 2.2.0.95 - WildTangent) Hidden
Shrek 2: Ogre Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snap.Do (HKLM-x32\...\{4130EAB4-F6D3-4981-A6DC-82CBCC308208}) (Version: 11.112.1.19229 - ReSoft Ltd.) <==== ATTENTION
Splash PRO EX (HKLM-x32\...\Mirillis Splash PRO EX) (Version: 1.13.2 - Mirillis)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.1 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Suburban Mysteries: The Labyrinth of the Past (x32 Version: 3.0.2.32 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
Supple: Episode 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Institute: A Becky Brogan Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Otherside - Realm of Eons (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Secret of Margrave Manor (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
Torchlight (x32 Version: 3.0.2.59 - WildTangent) Hidden
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Activation (HKLM-x32\...\{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1) (Version: - Verizon)
Verizon Download Manager (HKLM-x32\...\{E80D12A4-71F5-49E6-9598-6ADB0DBC7AE8}) (Version: 47 - SupportSoft)
Verizon Download Manager (HKLM-x32\...\{EDA40AA1-070C-48D1-9D77-50602BCDA95E}) (Version: 16 - SupportSoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Voodoo Whisperer: Curse of a Legend (x32 Version: 2.2.0.98 - WildTangent) Hidden
Vz In Home Agent (HKLM-x32\...\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}) (Version: 8.03.25 - Verizon)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.35.0 - Verizon)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
WiseConvert - GoldBar Ventures LTD. (HKLM-x32\...\WiseConvert) (Version: 1.0 - GoldBar Ventures LTD)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WolfQuest (HKLM-x32\...\{DD8F704E-B850-4775-9DFD-D3DE1775132B}) (Version: 1.6.3 - eduweb)
Wonder Pets! Save the Puppy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zombie Bowl-o-Rama (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zoo Vet (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2066194065-2671423776-3564127478-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jonathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2066194065-2671423776-3564127478-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jonathan\AppData\Local\Roblox\Versions\version-e66ffbb509ce4483\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

22-09-2014 11:43:30 Scheduled Checkpoint
24-09-2014 07:00:13 Windows Update
28-09-2014 23:00:03 Windows Backup
02-10-2014 05:12:01 Windows Update
05-10-2014 04:43:48 Installed DirectX
05-10-2014 23:00:03 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-02-19 22:31 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A34D06-7C7A-40FB-8C49-B8848611DCF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {072B774C-5C45-46A6-AED6-6EE3372061C9} - System32\Tasks\AllmyappsUpdateTask => C:\Users\jonathan\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe
Task: {101E94AF-029B-4556-99D1-5280B7B13D6C} - System32\Tasks\{E84D7584-0D2F-4EBE-98F4-D540A0568EE3} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.104.399/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {1F86E932-CE0F-4943-B261-6E9ED7B01053} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {20AC228C-4613-474E-96B9-86C1EC0B0937} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe
Task: {27DB2027-B8AD-4BF5-9052-A23FA2FE1DB6} - System32\Tasks\{A366B1F1-D2D0-445B-9341-06AFB1157710} => C:\Users\jonathan\Downloads\Minecraft.exe [2014-08-24] ()
Task: {3538202F-7976-4CF5-8B64-5158C4B01572} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {38BD053B-9711-48D2-83B4-C24D1BEA233E} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
Task: {3B18412B-6547-45C4-B535-1CFA2E270E64} - System32\Tasks\{BA076DC8-D06C-4D71-9F44-9FF5846B0974} => C:\Users\jonathan\Downloads\Minecraft.exe [2014-08-24] ()
Task: {4638602E-5C5C-4928-B410-257F396A4EA0} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {4D03F609-76EC-412F-A2E8-FD4E80EE94EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {57105871-D206-4907-89E5-2931B82DA518} - System32\Tasks\GorillaRecover => C:\Users\jonathan\AppData\Roaming\NetNucleous\GorillaPrice\GpRecover.exe
Task: {5DC42743-E324-487E-82E8-CB464BC8115D} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\jonathan\AppData\Local\Temp\cis4662.exe <==== ATTENTION
Task: {5E399F64-918D-4083-8D14-87758BA840CE} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {65564683-D7BB-44E3-8D93-140C290A167D} - System32\Tasks\{82F551EF-60F3-416B-A054-27CF2CA22C61} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.104.399/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {69D459DA-3943-4506-8F3D-8730782F5BF5} - System32\Tasks\{F2383670-1FE2-4881-A3AE-26F7B83FA342} => C:\Users\jonathan\Downloads\Minecraft.exe [2014-08-24] ()
Task: {6CD9F794-182D-462F-928D-EB0BD86CC003} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {78986A12-4886-4628-B04F-E2DEFFABBC55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {78DF98FC-A19F-422D-AC0F-7E4D0F039C6E} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMNJGMOJKJKJJJLJIMCNLMPMMJMJCNLMHMGMJJCNNJLMLMKJCNLMMJKJKMMMIMMMKJOMJMKMOJJNJICMIMCNLMCNNMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMMMJMHMJNHICMNJKIBJPMOMJNBJCMFJAJBJOJLIHJOJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {7D94BB6D-D543-4B00-8CEC-2A51483487AB} - System32\Tasks\{B7CCBD83-4E56-4EFF-AFC3-8AFAA09DC232} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.104.399/en/go/help.faq.installer?LastError=1603
Task: {8174702C-312E-4832-B75C-A348832E7AF3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8AB613E8-7643-470B-91F7-13EA3400301D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {B1FE498F-560B-4E39-9801-7C9AAFCBBA90} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {B743618A-C118-42AE-B506-71CE39036176} - System32\Tasks\GPRecover => C:\Users\jonathan\AppData\Roaming\NetNucleous\GorillaPrice\GpRecover.exe
Task: {B8F79F36-4D20-48B6-860B-B014BC6AE9C6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2066194065-2671423776-3564127478-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BC79C6C3-4836-4392-9469-449632E7D7D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {C07D1E65-9A48-4B9E-BCB7-D92707C526B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2066194065-2671423776-3564127478-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C3087A5D-29E7-494D-8C6B-3C5DB06D5C68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {DE4ACAAF-945A-4AA5-9FC6-C84BAF0E15A6} - System32\Tasks\{201B3777-B3F0-4DB6-AFEB-4510CC1C032D} => C:\Users\jonathan\Desktop\MinecraftDev.exe
Task: {DE7DC731-7C29-4484-A03D-AA8D56580641} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2066194065-2671423776-3564127478-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DECD5561-C969-4E1F-9162-A1EC7DEDFAEE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2066194065-2671423776-3564127478-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E0F03165-5251-4F58-A4B8-F72AA92BC53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EB4867E3-0EE3-4F6F-8BBC-4C17E53521A2} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe
Task: {F58BD628-588A-40E2-8198-B71683905662} - System32\Tasks\{CAE007A3-F12F-4106-87B6-0A941F00D061} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.104.399/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {F96ACBBB-4DFD-4E95-9330-DFE31BAB81B9} - System32\Tasks\LyricsParty-16-chromeinstaller => C:\Program Files (x86)\LyricsParty-16\LyricsParty-16-chromeinstaller.exe <==== ATTENTION
Task: {F98E6C7D-4494-4792-9954-C9D1BEDCBE61} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AllmyappsUpdateTask.job => C:\Users\jonathan\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

==================== Loaded Modules (whitelisted) =============

2011-07-13 22:23 - 2011-07-13 22:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-05 02:15 - 2013-08-05 02:15 - 00070712 _____ () C:\Windows\system32\bdmpega64.acm
2014-07-16 13:49 - 2014-07-16 13:49 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-12 11:38 - 2014-10-12 11:38 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101200\algo.dll
2014-07-16 13:49 - 2014-07-16 13:49 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched =>

========================= Accounts: ==========================

Administrator (S-1-5-21-2066194065-2671423776-3564127478-500 - Administrator - Disabled)
Guest (S-1-5-21-2066194065-2671423776-3564127478-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2066194065-2671423776-3564127478-1004 - Limited - Enabled)
jonathan (S-1-5-21-2066194065-2671423776-3564127478-1000 - Administrator - Enabled) => C:\Users\jonathan

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 03:34:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1028
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/12/2014 02:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 10:26:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1794
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/12/2014 10:26:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.3.5379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 97c

Start Time: 01cfe627f4d2263d

Termination Time: 30

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: bca22cdc-521b-11e4-950b-2c27d733853c

Error: (10/10/2014 10:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/12/2014 02:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (10/12/2014 02:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error:
%%2

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pure Networks Platform Service service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Okiitan service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Okiitan service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Deal Keeper service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft Repair Service (verizondm) service failed to start due to the following error:
%%2

Error: (10/12/2014 02:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft Sprocket Service (verizondm) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/12/2014 03:34:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd102801cfe64f3fed954bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllbe994f6e-5246-11e4-9c4e-2c27d733853c

Error: (10/12/2014 02:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 10:26:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b179401cfe627fb29b7c7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc8e4e997-521b-11e4-950b-2c27d733853c

Error: (10/12/2014 10:26:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.537997c01cfe627f4d2263d30C:\Program Files (x86)\Mozilla Firefox\firefox.exebca22cdc-521b-11e4-950b-2c27d733853c

Error: (10/10/2014 10:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Athlon II X4 645 Processor
Percentage of memory in use: 29%
Total physical RAM: 5887.29 MB
Available physical RAM: 4149.38 MB
Total Pagefile: 11772.75 MB
Available Pagefile: 9969.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.24 GB) (Free:740.84 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.17 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CD9781AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by jonathan (administrator) on JONATHAN-HP on 12-10-2014 15:56:35
Running from C:\Users\jonathan\Downloads
Loaded Profiles: jonathan & (Available profiles: jonathan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
HKLM-x32\...\Run: [VERIZONDM] => "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
HKLM-x32\...\Run: [startCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [TkBellExe] => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKLM-x32\...\Run: [fst_us_225] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\jonathan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\jonathan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2066194065-2671423776-3564127478-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [chromium] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
HKU\S-1-5-21-2066194065-2671423776-3564127478-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2066194065-2671423776-3564127478-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2066194065-2671423776-3564127478-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3f5f9ca6-7399-11e0-9f9f-806e6f6e6963} - E:\support\autorun\autorun.exe
HKU\S-1-5-21-2066194065-2671423776-3564127478-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2066194065-2671423776-3564127478-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Startup: C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\jonathan\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0A0CzztCtCtByC0A0EyC0EzyyBtCtB0EtN0D0TzutBtDtCtBtDyBtBzy&cr=631172868
SearchScopes: HKLM - {7114D48E-977F-4A45-B4D9-E9528B327D48} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}
SearchScopes: HKCU - DefaultScope {972D57F0-0A5F-4979-9601-635FA8AFADED} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {972D57F0-0A5F-4979-9601-635FA8AFADED} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
Toolbar: HKCU - No Name - {D30BC29F-19F6-40B3-A91F-D4707048ADE6} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DP

Link to comment
Share on other sites

Please uninstall the below items.

uTorrent

Guffins Internet Explorer Toolbar

 

 

You have an item located in your start ups folder that needs to be removed.

 

Go to the Windows Orb button, a search window will open. Type in msconfig, click on the Startup tab.

Scroll through the items listed and look for

 

Run: [fst_us_225]

SpeedItupFree

 

and please uncheck these.

 

Reboot

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

Task: {38BD053B-9711-48D2-83B4-C24D1BEA233E} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe

Task: {4638602E-5C5C-4928-B410-257F396A4EA0} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe

Task: {57105871-D206-4907-89E5-2931B82DA518} - System32\Tasks\GorillaRecover => C:\Users\jonathan\AppData\Roaming\NetNucleous\GorillaPrice\GpRecover.exe

Task: {5DC42743-E324-487E-82E8-CB464BC8115D} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\jonathan\AppData\Local\Temp\cis4662.exe <==== ATTENTION

Task: {5E399F64-918D-4083-8D14-87758BA840CE} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe

Task: {B743618A-C118-42AE-B506-71CE39036176} - System32\Tasks\GPRecover => C:\Users\jonathan\AppData\Roaming\NetNucleous\GorillaPrice\GpRecover.exe

Guffins Internet Explorer Toolbar (HKLM-x32\...\Guffinsbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

Snap.Do (HKLM-x32\...\{4130EAB4-F6D3-4981-A6DC-82CBCC308208}) (Version: 11.112.1.19229 - ReSoft Ltd.) <==== ATTENTION

Task: {38BD053B-9711-48D2-83B4-C24D1BEA233E} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe

Task: {5DC42743-E324-487E-82E8-CB464BC8115D} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\jonathan\AppData\Local\Temp\cis4662.exe <==== ATTENTION

Task: {EB4867E3-0EE3-4F6F-8BBC-4C17E53521A2} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe

Task: {F96ACBBB-4DFD-4E95-9330-DFE31BAB81B9} - System32\Tasks\LyricsParty-16-chromeinstaller => C:\Program Files (x86)\LyricsParty-16\LyricsParty-16-chromeinstaller.exe <==== ATTENTION

Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0A0CzztCtCtByC0A0EyC0EzyyBtCtB0EtN0D0TzutBtDtCtBtDyBtBzy&cr=631172868

SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}

Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM-x32 - No Name - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - No File

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

Toolbar: HKCU - No Name - {D30BC29F-19F6-40B3-A91F-D4707048ADE6} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File

FF Extension: No Name - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012-01-08]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]_1t.com] - C:\Program Files (x86)\Playfin_1t\bar\1.bin

HR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S2 Update Deal Keeper; "C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]

C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe

S2 Update Okiitan; "C:\Program Files (x86)\Okiitan\updateOkiitan.exe" [X]

S2 Util Okiitan; "C:\Program Files (x86)\Okiitan\bin\utilOkiitan.exe" [X]

C:\Users\Public\AlexaNSISPlugin.9124.dll

C:\Users\jonathan\AppData\Local\Temp\Quarantine.exe

C:\Users\jonathan\AppData\Local\Temp\SAS6_Update.exe

C:\Users\jonathan\AppData\Local\Temp\SearchProtectionSetup.exe

 

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the FIX button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Link to comment
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by jonathan (administrator) on JONATHAN-HP on 01-11-2014 23:39:37
Running from C:\Users\jonathan\Downloads
Loaded Profile: jonathan (Available profiles: jonathan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(RedSky Sp. z o.o.) C:\Users\jonathan\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
() C:\Users\jonathan\AppData\Roaming\InetStat\inetstat.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe
() C:\Program Files (x86)\Bench\Wd\wd.exe
() C:\Users\jonathan\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe.old
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Farbar) C:\Users\jonathan\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
HKLM-x32\...\Run: [VERIZONDM] => "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
HKLM-x32\...\Run: [startCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [TkBellExe] => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKLM-x32\...\Run: [fst_us_225] => [X]
HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
HKLM-x32\...\Run: [bService64] => C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe [110592 2014-08-20] ()
HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe [92672 2014-08-20] ()
HKLM-x32\...\Run: [bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [123392 2014-10-21] ()
HKLM-x32\...\Run: [bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe
HKLM-x32\...\RunOnce: [browser Warden-repairJob] => wscript.exe "C:\Users\jonathan\AppData\Local\Browser Warden\repair.js" "Browser Warden-repairJob"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\jonathan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [Obrona Block Ads] => C:\Users\jonathan\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.)
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Run: [inetStat] => C:\Users\jonathan\AppData\Roaming\InetStat\inetstat.exe [702990 2014-10-29] ()
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2066194065-2671423776-3564127478-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Startup: C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\jonathan\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:9880
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0A0CzztCtCtByC0A0EyC0EzyyBtCtB0EtN0D0TzutBtDtCtBtDyBtBzy&cr=631172868
SearchScopes: HKLM - {7114D48E-977F-4A45-B4D9-E9528B327D48} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}
SearchScopes: HKCU - DefaultScope {972D57F0-0A5F-4979-9601-635FA8AFADED} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {972D57F0-0A5F-4979-9601-635FA8AFADED} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO64.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO.dll ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
Toolbar: HKCU - No Name - {D30BC29F-19F6-40B3-A91F-D4707048ADE6} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll No File
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{08D0D9D5-C45B-426C-98FE-56118636302B}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{35400ED1-EC6A-463E-892A-2C201C84A4E6}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{93BAC842-50AB-4481-9915-244B26DFCB2B}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{CB53ED41-ECD1-4B2B-BB42-811C5717AE0C}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{CD87B102-C79A-45EC-A715-32922C20A80C}: [NameServer] 208.69.150.250,208.69.150.252

FireFox:
========
FF ProfilePath: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.2:
FF Homepage: https://my.yahoo.com/
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @ei.WeatherBlink.com/Plugin -> C:\Program Files (x86)\WeatherBlinkEI\Installr\1.bin\NPgcEISB.dll No File
FF Plugin-x32: @FestiveBar_3g.com/Plugin -> C:\Program Files (x86)\FestiveBar_3g\bar\1.bin\NP3gStub.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~2\MEADCO~1\npmeadax.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.666 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\jonathan\AppData\Local\Roblox\Versions\version-e66ffbb509ce4483\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\jonathan\AppData\Local\Roblox\Versions\version-e66ffbb509ce4483\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jonathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\yahoo_ff.xml
FF Extension: Battlefield Heroes Updater - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2014-03-15]
FF Extension: Battlefield Play4Free - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2014-03-22]
FF Extension: LavaFox V2-Blue - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2014-05-12]
FF Extension: LavaFox V2 - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2014-05-12]
FF Extension: Star Stable Online - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2013-11-14]
FF Extension: The Search Sidebar - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2011-07-02]
FF Extension: No Name - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012-01-08]
FF Extension: Browser Warden - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{79994657-8246-64F3-EABE-44FD7B5D43AA} [2014-10-29]
FF Extension: Add to Amazon Wish List Button - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2011-11-27]
FF Extension: Classic Compact Options - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\[email protected] [2012-07-20]
FF Extension: classiccompact - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-07-09]
FF Extension: classiccompact - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2012-07-20]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\df7f20c16203a429af19cbef74fb2be5 [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_1t.com] - C:\Program Files (x86)\Playfin_1t\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\src
FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (YouTube) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-16]
CHR Extension: (Gmail) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []
CHR HKCU\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []
CHR HKCU\...\Chrome\Extension: [efceifepimncccpgehonijdpjigknafn] - C:\Users\jonathan\AppData\Local\CRE\efceifepimncccpgehonijdpjigknafn.crx []
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\jonathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx []
CHR HKLM-x32\...\Chrome\Extension: [beboepbcndlepbhjhjpanoipjgjgbmcb] - C:\Users\jonathan\AppData\Local\Temp\beboepbcndlepbhjhjpanoipjgjgbmcb.crx []
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [efceifepimncccpgehonijdpjigknafn] - C:\Users\jonathan\AppData\Local\CRE\efceifepimncccpgehonijdpjigknafn.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-25]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\jonathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2012-11-25]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-25] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [X]
S2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [X]
S2 LinksysUpdater; "C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files (x86)\Linksys\Linksys Updater\conf\wrapper.conf"
S2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [X]
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [X]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [X]
S2 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [X]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [X]
S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [X]
S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe /service /p verizondm [X]
S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [X]
S2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [X]
S2 Update Deal Keeper; "C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]
S2 Update Okiitan; "C:\Program Files (x86)\Okiitan\updateOkiitan.exe" [X]
S2 Util Okiitan; "C:\Program Files (x86)\Okiitan\bin\utilOkiitan.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-12-21] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:38 - 2014-11-01 23:38 - 02114048 _____ (Farbar) C:\Users\jonathan\Downloads\FRST64(1).exe
2014-11-01 23:38 - 2014-11-01 23:38 - 00805416 _____ ( ) C:\Users\jonathan\Downloads\DownloadManagerSetup.exe
2014-11-01 23:13 - 2014-11-01 23:13 - 01142392 _____ () C:\Users\jonathan\Downloads\SteamSetup(1).exe
2014-11-01 23:13 - 2014-11-01 23:13 - 00000929 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-11-01 23:13 - 2014-11-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-31 17:54 - 2014-10-31 17:54 - 01036416 _____ (TODO: <Company name>) C:\Users\jonathan\Downloads\Firefox_Updater.exe
2014-10-31 17:54 - 2014-10-31 17:54 - 01036416 _____ (TODO: <Company name>) C:\Users\jonathan\Downloads\Firefox_Updater(1).exe
2014-10-30 19:20 - 2014-11-01 19:20 - 00003290 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-30 19:20 - 2014-10-30 19:20 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-30 19:18 - 2014-11-01 19:18 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-29 19:18 - 2014-11-01 23:31 - 00000350 _____ () C:\Windows\Tasks\bench-S-1-5-21-2066194065-2671423776-3564127478-1000.job
2014-10-29 19:18 - 2014-11-01 23:12 - 00000003 _____ () C:\Users\jonathan\AppData\Local\proxy.log
2014-10-29 19:18 - 2014-11-01 20:33 - 00000350 _____ () C:\Windows\Tasks\bench-sys.job
2014-10-29 19:18 - 2014-10-29 19:18 - 00003268 _____ () C:\Windows\System32\Tasks\GPUP
2014-10-29 19:18 - 2014-10-29 19:18 - 00003246 _____ () C:\Windows\System32\Tasks\bench-sys
2014-10-29 19:18 - 2014-10-29 19:18 - 00003230 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-2066194065-2671423776-3564127478-1000
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Warden
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\InetStat
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\GetPrivate
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Browser Warden
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Users\jonathan\AppData\Local\BenchUpdater
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Program Files (x86)\Browser Warden
2014-10-29 19:18 - 2014-10-29 19:18 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-29 19:17 - 2014-10-29 19:17 - 00682504 _____ () C:\Users\jonathan\Downloads\The_Sims_3_Pets-FLT.exe
2014-10-29 16:35 - 2014-10-29 17:57 - 00000000 ____D () C:\Users\jonathan\Downloads\The.Sims.2.Pets - RELOADED
2014-10-29 16:34 - 2014-10-29 16:34 - 00013122 _____ () C:\Users\jonathan\Downloads\The.Sims.2.Pets - RELOADED.torrent
2014-10-29 16:25 - 2014-10-29 16:25 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Itibiti
2014-10-29 16:25 - 2014-10-29 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-10-29 16:25 - 2014-10-29 16:25 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-10-29 16:24 - 2014-10-29 16:25 - 15786313 _____ () C:\Users\jonathan\Desktop\SIMS2Pets_hi[1].zip
2014-10-29 16:23 - 2014-11-01 23:35 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Obrona Block Ads
2014-10-29 16:23 - 2014-10-29 16:23 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA BlockAds
2014-10-29 16:22 - 2014-10-29 16:22 - 15786313 _____ () C:\Users\jonathan\Desktop\SIMS2Pets_hi.zip
2014-10-29 16:21 - 2014-10-29 16:21 - 00370528 _____ () C:\Users\jonathan\Downloads\SoftonicDownloader_for_the-sims-2-pets.exe
2014-10-28 19:50 - 2014-10-28 19:53 - 01054912 _____ (Adobe) C:\Users\jonathan\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe
2014-10-28 14:25 - 2014-10-28 14:25 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 20:01 - 2014-10-17 20:01 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Nem's Tools
2014-10-17 20:00 - 2014-10-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
2014-10-17 20:00 - 2014-10-17 20:00 - 00000000 ____D () C:\Program Files\Nem's Tools
2014-10-17 19:59 - 2014-10-17 19:59 - 02162180 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\jonathan\Downloads\vtfedit133.exe
2014-10-15 05:56 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 05:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 05:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 05:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 05:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 05:56 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 05:56 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 05:56 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 05:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 05:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 05:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 05:56 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 05:56 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 05:56 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 05:56 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 05:56 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 05:56 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 05:56 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 05:56 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 05:55 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 05:55 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 05:55 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 05:55 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 05:55 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 05:55 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 05:55 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 05:55 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 05:55 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 05:55 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 05:55 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 05:55 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 05:55 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 05:55 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 05:55 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 05:55 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 05:55 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 05:55 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 05:55 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 05:55 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 05:55 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 05:55 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 05:55 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 05:55 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 05:55 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 05:55 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 05:55 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 05:55 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 05:55 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 05:55 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 05:55 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 05:55 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 05:55 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 05:55 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 05:55 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 05:55 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 05:55 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 05:55 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 05:55 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 05:55 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 05:55 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 05:55 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 05:55 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 05:55 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 05:55 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 05:55 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 05:55 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 05:55 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 05:55 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 05:55 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 05:55 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 05:55 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 05:55 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 05:55 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 05:55 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 05:55 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 05:55 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 05:55 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 05:55 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 05:55 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 05:55 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 05:55 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 05:55 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 05:55 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 05:55 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 05:55 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 05:54 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 05:54 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 05:54 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 05:54 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 05:54 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 05:54 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 05:54 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 05:54 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 05:54 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 05:54 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 05:54 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 05:54 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 05:54 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 05:54 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 05:54 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 05:54 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 05:54 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 05:54 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 05:54 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 05:54 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 05:54 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 05:54 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 05:54 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 05:54 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 05:54 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 05:54 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 05:54 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 05:54 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 05:54 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 05:54 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 05:53 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 05:53 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 05:53 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 05:53 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 05:53 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 05:53 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 05:53 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 05:53 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 05:53 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 05:53 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 05:53 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 05:53 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 05:53 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 05:53 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 05:53 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 05:53 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 05:53 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 05:53 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 05:53 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 05:53 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 05:53 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 05:53 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 05:53 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 05:53 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 05:53 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 05:53 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:45 - 2014-10-30 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 16:38 - 2014-10-13 21:36 - 00000000 ____D () C:\Users\jonathan\Documents\Camtasia Studio
2014-10-13 16:38 - 2014-10-13 16:38 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\TechSmith
2014-10-13 16:37 - 2014-10-13 16:37 - 00000000 ____D () C:\Users\jonathan\AppData\Local\TechSmith
2014-10-13 16:36 - 2014-10-13 16:36 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-10-13 16:36 - 2014-10-13 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-10-13 16:36 - 2014-10-13 16:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-13 16:35 - 2014-10-13 16:35 - 00000000 ____D () C:\ProgramData\TechSmith
2014-10-13 16:35 - 2014-10-13 16:35 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-10-13 16:23 - 2014-10-13 16:32 - 258654568 _____ () C:\Users\jonathan\Downloads\camtasia(1).exe
2014-10-12 15:57 - 2014-10-12 15:58 - 00049383 _____ () C:\Users\jonathan\Downloads\Addition.txt
2014-10-12 15:56 - 2014-11-01 23:39 - 00029413 _____ () C:\Users\jonathan\Downloads\FRST.txt
2014-10-12 15:56 - 2014-11-01 23:39 - 00000000 ____D () C:\FRST
2014-10-12 15:55 - 2014-10-12 15:55 - 02110464 _____ (Farbar) C:\Users\jonathan\Downloads\FRST64.exe
2014-10-12 15:03 - 2014-10-28 14:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 15:03 - 2014-10-28 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 15:03 - 2014-10-28 14:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 15:03 - 2014-10-12 15:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 15:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 15:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 15:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 15:02 - 2014-10-12 15:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonathan\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-10-12 14:54 - 2014-10-12 14:54 - 00321848 _____ (Malwarebytes Corporation) C:\Users\jonathan\Downloads\mbam-clean-2.1.1.1001.exe
2014-10-12 09:17 - 2014-10-27 15:50 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Screencast-O-Matic
2014-10-10 22:08 - 2014-10-10 22:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonathan\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-10 22:04 - 2014-10-10 22:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 21:59 - 2014-10-10 21:59 - 00000000 ____D () C:\Windows\ERUNT
2014-10-10 21:58 - 2014-10-10 21:58 - 01705755 _____ (Thisisu) C:\Users\jonathan\Downloads\JRT.exe
2014-10-10 21:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-10 21:37 - 2014-10-10 21:37 - 01375089 _____ () C:\Users\jonathan\Downloads\AdwCleaner(1).exe
2014-10-08 22:58 - 2014-10-08 22:58 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-05 00:43 - 2014-10-05 00:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:38 - 2012-03-30 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 23:33 - 2014-07-17 07:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-01 23:30 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 23:30 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 23:28 - 2012-04-16 04:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 23:10 - 2013-07-22 18:00 - 00000000 ____D () C:\Users\jonathan\Desktop\pics
2014-11-01 23:09 - 2014-09-25 18:02 - 00050494 _____ () C:\Windows\PFRO.log
2014-11-01 23:09 - 2014-09-25 00:45 - 00002320 _____ () C:\Windows\setupact.log
2014-11-01 23:09 - 2013-01-27 13:04 - 00000420 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2014-11-01 23:09 - 2012-04-16 04:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 23:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 23:08 - 2011-07-02 11:18 - 01860545 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 16:50 - 2013-01-21 20:45 - 00000408 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-11-01 11:52 - 2013-09-21 23:04 - 00000000 ____D () C:\FeralHeart
2014-11-01 10:47 - 2014-05-15 20:45 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\uTorrent
2014-10-29 19:18 - 2011-07-07 04:44 - 00000000 ____D () C:\Users\jonathan\AppData\Local\CrashDumps
2014-10-28 19:23 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 22:16 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-24 01:28 - 2012-01-25 03:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-18 23:20 - 2012-01-25 03:07 - 00000000 ___RD () C:\Users\jonathan\Desktop\SECURITY S
2014-10-16 04:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 03:33 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 03:32 - 2009-07-14 00:45 - 00280408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:29 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 03:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 03:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 03:08 - 2013-07-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2011-07-24 09:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 02:55 - 2014-07-16 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-14 17:48 - 2014-07-22 21:07 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Mirillis
2014-10-13 16:37 - 2011-07-02 11:19 - 00000000 ____D () C:\Users\jonathan
2014-10-13 00:35 - 2014-09-13 15:04 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Fraps_2180818
2014-10-10 21:42 - 2014-09-13 15:36 - 00001045 _____ () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-10 21:42 - 2014-09-13 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\now-download-free bundle
2014-10-10 21:42 - 2014-01-07 09:52 - 00000000 ____D () C:\AdwCleaner
2014-10-09 19:15 - 2014-09-12 16:31 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-10-08 22:58 - 2012-01-25 03:05 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-04 21:53 - 2013-07-28 18:09 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\.minecraft
2014-10-03 23:14 - 2012-02-02 09:23 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

Files to move or delete:
====================
C:\Users\Public\AlexaNSISP

Link to comment
Share on other sites

I am so sorry I did not see your reply, I have subscribed to this topic again and will try to make sure it doesn't happen again.

 

This computer is loaded with malware.

It will take several scans (less I hope to remove all this)

 

Running from C:\Users\jonathan\Downloads

This wont work running from this location.

 

Please go to your downloads folder, Locate farbar-recovery-scan-tool Icon

right click on this and select CUT

Next, go to your desktop, right click and select PASTE

You should see the farbar-recovery-scan-tool Icon on desktop now.

 

Go to the Windows Orb button, a search window will open. Type in msconfig, click on the Startup tab.

Scroll through the items listed and look for

 

Run: [fst_us_225]

SpeedItupFree

BService

Bench\BService

Bench Communicator Watcher

Bench Settings Cleaner

Browser Warden

 

and please uncheck these. (All that you find)

 

Reboot

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll No File

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmood...zy&cr=631172868

ProxyServer: http=127.0.0.1:9880

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO64.dll ()

BHO-x32: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO.dll ()

Toolbar: HKLM-x32 - No Name - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

Toolbar: HKCU - No Name - {D30BC29F-19F6-40B3-A91F-D4707048ADE6} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File

Tcpip\..\Interfaces\{08D0D9D5-C45B-426C-98FE-56118636302B}: [NameServer] 208.69.150.250,208.69.150.252

Tcpip\..\Interfaces\{35400ED1-EC6A-463E-892A-2C201C84A4E6}: [NameServer] 208.69.150.250,208.69.150.252

Tcpip\..\Interfaces\{93BAC842-50AB-4481-9915-244B26DFCB2B}: [NameServer] 208.69.150.250,208.69.150.252

Tcpip\..\Interfaces\{CB53ED41-ECD1-4B2B-BB42-811C5717AE0C}: [NameServer] 208.69.150.250,208.69.150.252

Tcpip\..\Interfaces\{CD87B102-C79A-45EC-A715-32922C20A80C}: [NameServer] 208.69.150.250,208.69.150.252

FF Extension: No Name - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012-01-08]

FF Extension: Browser Warden - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\Extensions\{79994657-8246-64F3-EABE-44FD7B5D43AA} [2014-10-29]

FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found]

FF Extension: No Name - [email protected] [Not Found]

CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []

CHR HKCU\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []

CHR HKCU\...\Chrome\Extension: [efceifepimncccpgehonijdpjigknafn] - C:\Users\jonathan\AppData\Local\CRE\efceifepimncccpgehonijdpjigknafn.crx []

CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\jonathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx []

CHR HKLM-x32\...\Chrome\Extension: [beboepbcndlepbhjhjpanoipjgjgbmcb] - C:\Users\jonathan\AppData\Local\Temp\beboepbcndlepbhjhjpanoipjgjgbmcb.crx []

CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\jonathan\AppData\Roaming\PRINTA~1\printatreeChrome.crx []

CHR HKLM-x32\...\Chrome\Extension: [efceifepimncccpgehonijdpjigknafn] - C:\Users\jonathan\AppData\Local\CRE\efceifepimncccpgehonijdpjigknafn.crx []

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-25]

CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\jonathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2012-11-25]

S2 Update Deal Keeper; "C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]

C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe

S2 Update Okiitan; "C:\Program Files (x86)\Okiitan\updateOkiitan.exe" [X]

S2 Util Okiitan; "C:\Program Files (x86)\Okiitan\bin\utilOkiitan.exe" [X]

C:\Program Files (x86)\Okiitan\updateOkiitan.exe

C:\Program Files (x86)\Okiitan\bin\utilOkiitan.exe

2014-10-29 19:18 - 2014-11-01 23:31 - 00000350 _____ () C:\Windows\Tasks\bench-S-1-5-21-2066194065-2671423776-3564127478-1000.job

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

adwcleaner_download.png

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
please post

 

 

Fixlog.txt

C:\AdwCleaner.txt

JRT.txt

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...